RE: INITIAL-CONTACT issues



Sankar,

The TCP spec does not contain a "keepalive" mechanism (at least the one I
remember did not); keepalive is a feature added by some implementations.
TCP specifies timers for killing off connections, e.g., in terms of no ack
for transmitted data, which is one way to deal with the situation where one
end of the connection has crashed. Also, since TCP is implemented in end
systems, an application may intervene to terminate a connection, e.g.,
because a user decides to give up.  IPsec, when implemented in a host, and
integrated with a socket interface, can use the same set of inputs for
terminating an SA if the SA is dedicated to a TCP connection.

IPsec has a harder job, in the case of an SG, because there is no direct
tie to a socket interface.  That's where SA management, in terms of
cleanup, becomes hard.

Steve